Application Security Testing: An Integral Part of DevOps
If you're developing your ASP.NET Web application on the server you intend to run it on, you'll find deployment a real doddle: Just hand out the address. Don't worry about the security of your source code: IIS will automatically prevent anyone from downloading it. And when it comes to administration? Simply open the project straight from the Web server and start changing. Super-cool!
However, if you're exposing your ASP.NET Web application through a host account, it's most likely that you'll be given just one "virtual folder," a single application within IIS. That's great if you're just uploading one core application—you merely have to access your folder via FTP, transfer all your application files, access through your URL, and, hey presto!
So, if you're uploading multiple ASP.NET Web applications, follow this three-point checklist for trouble-free deployment:
- Create a Bin directory via FTP in your root application folder. Go through every Web application you plan to upload and move its contents (typically your assembly DLL, any referenced components, and a possible debug file) into this one directory.
- You're allowed only one Web.config and Global.asax file per IIS application. Choose the files you want to use and upload them directly into your root folder. Make sure you do not upload a Web.config file into any other directory; it'll cause an error in that directory, whereas excess Global.asax files simply get ignored.
- Finally, upload the rest of your files (typically just ASPX pages) into the relevant locations and subdirectories, and then attempt to access them via your URL. They'll all automatically find their supporting assemblies in the root Bin folder, plus use the Web.config and Global.asax files you uploaded.
It's always confusing at first, but follow these three steps to take real advantage of your hosting account and save yourself a good few bucks. Good luck!
About the Author
Karl Moore (MCSD, MVP) is an experience author living in Yorkshire, England. He is author of numerous technology books, including the new Ultimate VB .NET and ASP.NET Code Book, plus regularly features at industry conferences and on BBC radio. Moore also runs his own creative consultancy, White Cliff Computing Ltd. Visit his official Web site at www.karlmoore.com.